Domain management: a best practice guide

By Nick Wood, Com Laude

Registration strategies

The first step in an intelligent domain strategy is to look at trademark registration strategy. What has been registered and where? Is there a pattern of registration in the trademark system that can be duplicated in the domain name system? For example, is there a list of ‘crown jewel’ trademarks and priority jurisdictions?

in key geographic locations where a company currently has offices, distributors, licensees or customers;

in potential geographic locations of interest for commercial expansion;

in jurisdictions where infringers are active (eg, because the local domain registry does not offer dispute resolution, the price of registration is low, loose formalities allow anyone to register anything and there is a culture of cybersquatting). One could presently characterise China and Russia as two jurisdictions where preventative registration makes sense; and

in any ccTLD where registration is free (eg, ‘.tk’ (Tokelau), which is operated by Dutch entrepreneurs under licence from this Pacific island’s government).

The subsequent pattern of registration needs to be enhanced by ensuring that you have covered the unrestricted generic top-level domains (gTLDs) which are available to anyone, anywhere in the world. These include:

all of the important legacy gTLD registries (eg, ‘.com’, ‘.net’ and ‘.org’);

relevant new gTLD registries (eg, if you were in the real estate business you would look at cities and geographies where you trade, as well as ‘.apartments’, ‘.haus’, ‘.house’, ‘.property’, ‘.properties’, ‘.realtor’, ‘.realty’, ‘.reit’, ‘.rent’ and ‘.rentals’); and

internationalised domain names. Whether in the gTLDs or the ccTLDs, it is important to consider registration in scripts other than Ascii (eg, Arabic, Chinese or Cyrillic), if this is how you communicate with customers or staff. Take care that the requested domain is in accordance with company trademark policy. Do not request a transliteration if you want a translation. Use your local legal experts to check your applications and registrations. Do not trust retail registrars, who have been known to use Google Translate to suggest a string, sometimes with disastrous consequences.

Figure 1. Domain name registration process flow

There can be benefits to registering misspellings, if such domains are redirected and drive traffic – but these should generally be avoided, as should compound words. In considering which misspellings to register, ask those responsible for search engine optimisation to provide a list of terms that customers commonly type into browsers.

If a mark features two or more words, then to maintain customer confidence you should consider registering a domain in key jurisdictions both with and without a hyphen.

All domains should be held in a secure database under the control of the in-house expert, preferably alongside trademark information.

It helps to justify a global portfolio of registrations if every domain name points to a web page with live content. This ensures that each domain pays its way, acting as a signpost to information that reflects well on the owner.

Pay attention to creating harmonised WHOIS records. WHOIS records are published on the Internet and help third parties to look up who owns a domain name. Therefore, uniform contact information that accurately reflects your ownership and identifies role contacts who can answer questions on a domain is desirable. Where possible, the registered owner of a domain should be the same as the owner of the corresponding trademark. If this entity is ‘John Doe (Europe) Holdings Limited’, do not settle for an abbreviation such as ‘John Doe Ltd’ – this may be challenged by the registry if you try to transfer the domain.

In jurisdictions where the registry formalities require a company to use a local presence, all domains featuring the local presence in the record of registration should be standardised. It is good practice for the ultimate owner of such a domain to have a beneficial ownership agreement with the local representative, defining the extent of the authority of the local agent.

Frequently, registries with local-presence requirements will also ask for information to support the application proving a connection to the jurisdiction. This could be a company formation, a local tax number or a trademark certificate. Prudent brand owners record which domain names are dependent on trademarks in case of disposals.

The process for requesting a new domain name registration must be clear in any corporation. Requestors from a business should have an understanding of who to ask for a new domain registration and who will pay for it (ie, whether the money comes from their budget, IP or legal or another pot). They should also be able to prioritise the registration and give clear instructions on where the domain should point.

Larger corporations frequently capture their domain name policy in a written document.

Renewal and lapsing strategies

Commerce-critical and ‘crown jewel’ domains should be registered for up to 10 years. Other domains should be registered for single-year periods, unless there is a price discount from the registrar for multiple years.

Generally, renewal reminders and invoices will be sent by a registry operator to the registrar, not to the registrant. Best-practice registrars will remind a registrant of a forthcoming renewal to a schedule that suits the client – frequently somewhere between 90 and 30 days in advance of a renewal date – setting out the date of renewal, the official registry fees and any other related fees (eg, those related to maintaining a local presence or the registrar’s service charge). All critical domains should be placed on auto-renew, meaning that the registrar has the authority to renew the domain name in advance unless told to lapse.

Allowing a domain name portfolio to roll over, year by year, without a review leads to an increase in low-value or time-limited domains. ‘MayDay2017.com’ is not very useful in May 2018.

Figure 2. Domain name renewal process flow

From time to time – and no less frequently than once every three years – the in-house domain champion should review all domain names the company owns. The possibility of lapsing unused domains or domains that are no longer needed should be discussed.

During this process, the possibility of adding registry locks should be considered. Locking helps to prevent unauthorised or accidental modifications and transfers, because the registry will implement an instruction only after following a two or three-factor authorisation process, usually featuring an ‘out of band’ (ie, non-internet-enabled) step, such as telephoning a specified representative at the registrar, who must provide a password. Registry locks are not available from all registries, but should be considered for all critical domains, balancing the need for security against the need to respond quickly in the event of an emergency revision being required.

‘Super locks’ at the registrar level, which prevent any unauthorised person inside the registrar from making a change, are essential too.

No domain name should be deleted or disposed of without the prior approval of the in-house domain champion. It is good practice to remove any resource settings from a domain name well in advance of lapsing, so that it ceases to point to any website or carry any content. This means that the domain investors which monitor domains that are ‘dropping’ (ie, being made available for re-registration by registries) will not be attracted by a volume of legacy traffic which they can exploit by grabbing the domain and directing it to a ‘pay per click’ page.

Maintenance and management strategies

Many IP experts in charge of domain names find the volume of domains for which they are responsible overwhelming. It seems easier to pay for a portfolio that increases year on year than to ‘right size’ it. It seems simpler to pay for 25 domains of little value than to run the risk of lapsing a domain that might come in useful six months down the line. It seems preferable to lock out infringers through defensive registration than to tackle domain name abuse. It seems less painless to defer decision making to a trusted registrar – and few of them are likely to encourage you to cut your portfolio – than to try to negotiate a reduction in its charges to compensate for a swelling portfolio.

There is one relatively simple step that all IP experts can take to combat this natural reluctance to focus on domain names: prioritising domains into four (or more) levels based on their importance and value. This categorisation process helps to keep the focus on critical domains and aids efficient decision making, with the result that resources are maximised. This prioritisation process – including where the lines are drawn between categories – should be undertaken carefully, with due regard to the value placed on marks in the trademark portfolio.

It might feature the following four levels, for example.

Level-one domains

These are domains that match ‘crown jewel’ trademarks or support commerce-critical or core corporate websites. Generally up to 5% of a portfolio can be categorised as level one; otherwise, the prioritisation is incorrect. There would be a direct customer or business impact in the event of the failure of or a successful malicious attack on a level-one domain. All level-one domains should carry locks at the registry and registrar level. They should be registered for multiple years, on auto-renew. The primary ‘.com’ registration, the home-country ccTLD registration and the domains that support the company intranet and email should be in this category. Any change to a level-one name should require sign-off from the in-house domain name champion, a senior trademark expert and an IT or web specialist. Your registrar must be informed of this process and should make changes to level-one domains only when it has received appropriate authorisation. When changes to level-one names are made – including opening and shutting registry locks – the process must be documented. ‘Shoulder surfing’ should be required at each stage of the process, at both the client and the registrar end. This means that the actions of an individual are supervised and checked by a colleague standing next to the individual during the process. It ensures that locks are closed after changes are completed.

Level-two domains

These are domains that are important to communication but not critical, and which should account for perhaps 10% of a portfolio. Level-two domains might support informational websites for country-specific businesses, but nothing connected with e-commerce. While nobody wants an interruption to any domain, if a level-two domain is taken offline, the impact on the bottom line of the corporation or its global reputation should be low. Level-two names should also be considered for locks, but locks should not be mandatory. Level-two domains should be placed on auto-renew; however, the process to change a level-two domain can be simpler, requiring the sign-off of the domain champion and one other person.

Level-three domains

These are good-to-have registrations, mostly filed for defensive purposes or perhaps to support a short-term initiative that has now expired (so a level-two domain becomes level three after its useful life has expired). Holding such domains is probably cheaper than trying to reclaim them from third parties, especially if they can be pointed to websites so that they support navigation by consumers. Up to 80% of a portfolio might be classified as level-three domains. They can be set on auto-renew, but should not be renewed for more than one year at a time. They should be reviewed every three years with a view to culling them by 15%, to account for an average annual portfolio growth of perhaps 5%.

Level-four domains

These are low-value domains, perhaps part of a bundle reclaimed from infringers after a Uniform Domain Name Dispute Resolution Policy action or registered initially for entities that have been dissolved or discontinued marketing initiatives. They might reflect the old name of a product or service or be based on misspellings that are rarely typed. They have no commercial value and should be set to lapse at the end of their life or at a key date in the year.

Crucially, the level that a domain name is in should be entered into the in-house IP database of domain names and associated with the corresponding record for the trademark. Ideally, the reasons why any changes are made to level-one and level-two domains should also be recorded here, along with the details of the requestor.

Transfers

When facing the prospect of transferring in or away a portfolio of domains, there are a few rules to follow which can make the task much easier.

Transfer plan

Establish a transfer plan that features a report on every domain, including:

its registered owner;

its jurisdiction;

whether it carries live settings;

its level (and therefore its value to the business); and

its expiration date.

Armed with this report, a staged process can be implemented which should feature weekly status updates and the possibility to ‘huddle’ with your registrar and your in-house technical and business colleagues to resolve any issues.

Review and cull

Review all domains that are to be moved and take the opportunity to cull any that are not necessary. There is no point in moving registrations of limited value; however, at an early stage check Domain Name System queries and traffic and ask the responsible managers to identify any domains supporting live sites.

Renewals

Get a report on renewals due in the next three months. Focus on gTLDs with a renewal date in the next month and ccTLDs in the next two months: if you want to keep these domains, get them renewed either by the losing registrar or by the gaining registrar, if the losing registrar is cooperative in facilitating a quick transfer.

Registries

Your formal transfer plan should be segmented to feature three kinds of registry.

Automated registries

This includes almost all gTLDs (legacy and new) and about 100 ccTLDS. These registries usually transfer domains from one registrar to another using ‘auth-codes’, where the gaining registrar has an auth-code for each domain, provided by the losing registrar, which enables the transfer.

Semi-automated registries

These are registries where the transfer process requires some manual intervention, such as logging into an online account. The gaining registrar sometimes has to pull domains one at a time, but it can be done in batches; sometimes the registry will assist.

Manual registries

These registries can be divided into two groups:

those which require one of the registered contacts on the WHOIS record as a representative of the domain owner to acknowledge the transfer of a domain by email; and

those which require a hardcopy letter of authority on company letterhead, which must match the name of the registered domain owner.

Sometimes the letter must be notarised or in a local language. The support of a local agent may also be required to hold the domain for you under a beneficial ownership agreement.

The time spent preparing for a transfer project is proportional to its success: know your goals and your deadlines.

If these simple rules are introduced and adhered to, managing a complex corporate portfolio of domains need not be taxing.

Nick Wood is managing director and co-founder of Com Laude. He has a real passion for domain names, and believes that it is an emerging industry in a time of great change – a time where best practice is not well established. He spends considerable time immersed in the Internet Corporation for Assigned Names and Numbers environment, representing client issues in policy discussions and staying abreast of the latest changes, in order to keep clients abreast of the latest developments and enable them to make informed decisions about their online IP strategies.

Mr Wood is a director and council member of MARQUES, an associate member of the Institute of Trademark Attorneys and a committee member at the International Trademark Association.

Share this article

Trending

World Trademark Review examines the IP profile of Argentina, exploring the potential impact of the new emergency decree on trademark law, while providing a thorough breakdown on filings at the Argentine register.

The owners of a London stadium have sent a cease and desist letter to 125 year-old football club Dulwich Hamlet over the continued use of its name. However, industry experts suggest that the registration could be vulnerable...

Retail giant Amazon has come in for more criticism over the sale of fakes on its platform, this time for selling copycat Google Chromecast products. Pressure grows for the company to take more action against...

Related content

More than ever, companies need to balance the need for promotion with protection by making intelligent domain registration decisions. They also need to ensure that domain assets, once registered, are completely secure.

There is no requirement to use a mark in order to acquire trademark rights. The Romanian trademark system is based on the first-to-file principle and registration is possible without preliminary use. If a trademark is refused registration for lack of distinctive character, this...

Corporate domain name management companies are often asked the question: “What does an optimal portfolio look like?” There is no single right answer to this question, as a domain name portfolio depends on a number of factors, such as appetite for risk, budget, ability to manage...